diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch new file mode 100644 index 0000000000..44d3e1dffe --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch @@ -0,0 +1,46 @@ +From f1df7d13b3e57a5e059273d2f0870163c08d7420 Mon Sep 17 00:00:00 2001 +From: Sutou Kouhei +Date: Mon, 20 May 2024 12:17:27 +0900 +Subject: [PATCH] Add support for old strscan + +Fix GH-132 + +If we support old strscan, users can also use strscan installed as a +default gem. + +Reported by Adam. Thanks!!! + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420] + +Signed-off-by: Divya Chellam +--- + .../gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index eab942d..8ea8b43 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -7,6 +7,17 @@ require "strscan" + + module REXML + module Parsers ++ if StringScanner::Version < "3.0.8" ++ module StringScannerCaptures ++ refine StringScanner do ++ def captures ++ values_at(*(1...size)) ++ end ++ end ++ end ++ using StringScannerCaptures ++ end ++ + # = Using the Pull Parser + # This API is experimental, and subject to change. + # parser = PullParser.new( "texttxet" ) +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch new file mode 100644 index 0000000000..25a9e70891 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch @@ -0,0 +1,130 @@ +From d146162e9a61574499d10428bc0065754cd26601 Mon Sep 17 00:00:00 2001 +From: NAITOH Jun +Date: Mon, 4 Mar 2024 05:24:53 +0900 +Subject: [PATCH] Remove `Source#string=` method (#117) + +We want to just change scan pointer. + +https://github.com/ruby/rexml/pull/114#discussion_r1501773803 +> I want to just change scan pointer (`StringScanner#pos=`) instead of +changing `@scanner.string`. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/d146162e9a61574499d10428bc0065754cd26601] + +Signed-off-by: Divya Chellam +--- + .../lib/rexml/parsers/baseparser.rb | 19 +++++++++++-------- + .bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 8 ++++++-- + 2 files changed, 17 insertions(+), 10 deletions(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index 8ea8b43..81415a8 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -231,8 +231,9 @@ module REXML + #STDERR.puts @source.encoding + #STDERR.puts "BUFFER = #{@source.buffer.inspect}" + if @document_status == nil ++ start_position = @source.position + if @source.match("/um, true)[1] ] +@@ -244,7 +245,7 @@ module REXML + else + message = "#{base_error_message}: invalid name" + end +- @source.string = "/um, true) +@@ -344,7 +346,7 @@ module REXML + else + message = "#{base_error_message}: invalid name" + end +- @source.string = " +Date: Thu, 13 Jun 2024 15:12:32 +0900 +Subject: [PATCH] Add a "malformed comment" check for top-level comments (#145) + +This check was missing. Therefore, `REXML::Document.new("/um, true)[1] ] ++ md = @source.match(/(.*?)-->/um, true) ++ if md.nil? ++ raise REXML::ParseException.new("Unclosed comment", @source) ++ end ++ if /--|-\z/.match?(md[1]) ++ raise REXML::ParseException.new("Malformed comment", @source) ++ end ++ return [ :comment, md[1] ] + elsif @source.match("DOCTYPE", true) + base_error_message = "Malformed DOCTYPE" + unless @source.match(/\s+/um, true) +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch new file mode 100644 index 0000000000..11a4c1ca54 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch @@ -0,0 +1,76 @@ +From b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 10:48:53 +0900 +Subject: [PATCH] Fix performance issue caused by using repeated `>` characters + inside ` +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++- + .bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 6 +++--- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index 49c313c..767e134 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -125,6 +125,7 @@ module REXML + + module Private + INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um ++ INSTRUCTION_TERM = "?>" + TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um + CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um + ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um +@@ -652,7 +653,7 @@ module REXML + end + + def process_instruction(start_position) +- match_data = @source.match(INSTRUCTION_END, true) ++ match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM) + unless match_data + message = "Invalid processing instruction node" + @source.position = start_position +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb +index b20cc4f..08a035c 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb +@@ -72,7 +72,7 @@ module REXML + @scanner.scan_until(Regexp.union(term)) or @scanner.rest + end + +- def match(pattern, cons=false) ++ def match(pattern, cons=false, term: nil) + if cons + @scanner.scan(pattern).nil? ? nil : @scanner + else +@@ -184,7 +184,7 @@ module REXML + end + end + +- def match( pattern, cons=false ) ++ def match( pattern, cons=false, term: nil ) + read if @scanner.eos? && @source + while true + if cons +@@ -195,7 +195,7 @@ module REXML + break if md + return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size + return nil if @source.nil? +- return nil unless read ++ return nil unless read(term) + end + + md.nil? ? nil : @scanner +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch new file mode 100644 index 0000000000..0726927865 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch @@ -0,0 +1,87 @@ +From 0af55fa49d4c9369f90f239a9571edab800ed36e Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 10:57:39 +0900 +Subject: [PATCH] Fix ReDoS caused by very large character references using + repeated 0s (#169) + +This patch will fix the ReDoS that is caused by large string of 0s on a +character reference (like `�...`). + +This is occurred in Ruby 3.1 or earlier. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/0af55fa49d4c9369f90f239a9571edab800ed36e] + +Signed-off-by: Divya Chellam +--- + .bundle/gems/rexml-3.2.5/lib/rexml/text.rb | 48 +++++++++++++++------- + 1 file changed, 34 insertions(+), 14 deletions(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb +index 050b09c..0957d70 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb +@@ -151,25 +151,45 @@ module REXML + end + end + +- # context sensitive +- string.scan(pattern) do +- if $1[-1] != ?; +- raise "Illegal character #{$1.inspect} in raw string #{string.inspect}" +- elsif $1[0] == ?& +- if $5 and $5[0] == ?# +- case ($5[1] == ?x ? $5[2..-1].to_i(16) : $5[1..-1].to_i) +- when *VALID_CHAR ++ pos = 0 ++ while (index = string.index(/<|&/, pos)) ++ if string[index] == "<" ++ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}" ++ end ++ ++ unless (end_index = string.index(/[^\s];/, index + 1)) ++ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}" ++ end ++ ++ value = string[(index + 1)..end_index] ++ if /\s/.match?(value) ++ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}" ++ end ++ ++ if value[0] == "#" ++ character_reference = value[1..-1] ++ ++ unless (/\A(\d+|x[0-9a-fA-F]+)\z/.match?(character_reference)) ++ if character_reference[0] == "x" || character_reference[-1] == "x" ++ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}" + else +- raise "Illegal character #{$1.inspect} in raw string #{string.inspect}" ++ raise "Illegal character #{string.inspect} in raw string #{string.inspect}" + end +- # FIXME: below can't work but this needs API change. +- # elsif @parent and $3 and !SUBSTITUTES.include?($1) +- # if !doctype or !doctype.entities.has_key?($3) +- # raise "Undeclared entity '#{$1}' in raw string \"#{string}\"" +- # end + end ++ ++ case (character_reference[0] == "x" ? character_reference[1..-1].to_i(16) : character_reference[0..-1].to_i) ++ when *VALID_CHAR ++ else ++ raise "Illegal character #{string.inspect} in raw string #{string.inspect}" ++ end ++ elsif !(/\A#{Entity::NAME}\z/um.match?(value)) ++ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}" + end ++ ++ pos = end_index + 1 + end ++ ++ string + end + + def node_type +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch new file mode 100644 index 0000000000..9d78112edd --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch @@ -0,0 +1,44 @@ +From c1b64c174ec2e8ca2174c51332670e3be30c865f Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 10:57:50 +0900 +Subject: [PATCH] Fix performance issue caused by using repeated `>` characters + inside comments (#171) + +A `<` is treated as a string delimiter. +In certain cases, if `<` is used in succession, read and match are +repeated, which slows down the process. Therefore, the following is used +to read ahead to a specific part of the string in advance. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/c1b64c174ec2e8ca2174c51332670e3be30c865f] + +Signed-off-by: Divya Chellam +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index 767e134..81753ad 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -126,6 +126,7 @@ module REXML + module Private + INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um + INSTRUCTION_TERM = "?>" ++ COMMENT_TERM = "-->" + TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um + CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um + ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um +@@ -237,7 +238,7 @@ module REXML + return process_instruction(start_position) + elsif @source.match("/um, true) ++ md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM) + if md.nil? + raise REXML::ParseException.new("Unclosed comment", @source) + end +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch new file mode 100644 index 0000000000..bb2325bbbd --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch @@ -0,0 +1,44 @@ +From 9f1415a2616c77cad44a176eee90e8457b4774b6 Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 11:04:40 +0900 +Subject: [PATCH] Fix performance issue caused by using repeated `>` characters + inside `CDATA [ PAYLOAD ]` (#172) + +A `<` is treated as a string delimiter. +In certain cases, if `<` is used in succession, read and match are +repeated, which slows down the process. Therefore, the following is used +to read ahead to a specific part of the string in advance. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/9f1415a2616c77cad44a176eee90e8457b4774b6] + +Signed-off-by: Divya Chellam +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index 81753ad..c907f8c 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -127,6 +127,7 @@ module REXML + INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um + INSTRUCTION_TERM = "?>" + COMMENT_TERM = "-->" ++ CDATA_TERM = "]]>" + TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um + CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um + ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um +@@ -416,7 +417,7 @@ module REXML + + return [ :comment, md[1] ] if md + else +- md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true) ++ md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM) + return [ :cdata, md[1] ] if md + end + raise REXML::ParseException.new( "Declarations can only occur "+ +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch new file mode 100644 index 0000000000..e9413ba2c0 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch @@ -0,0 +1,44 @@ +From c33ea498102be65082940e8b7d6d31cb2c6e6ee2 Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 11:11:17 +0900 +Subject: [PATCH] Fix performance issue caused by using repeated `>` characters + after ` +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index c907f8c..5391e0a 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -128,6 +128,7 @@ module REXML + INSTRUCTION_TERM = "?>" + COMMENT_TERM = "-->" + CDATA_TERM = "]]>" ++ DOCTYPE_TERM = "]>" + TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um + CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um + ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um +@@ -375,7 +376,7 @@ module REXML + end + return [ :comment, md[1] ] if md + end +- elsif match = @source.match(/(%.*?;)\s*/um, true) ++ elsif match = @source.match(/(%.*?;)\s*/um, true, term: Private::DOCTYPE_TERM) + return [ :externalentity, match[1] ] + elsif @source.match(/\]\s*>/um, true) + @document_status = :after_doctype +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch new file mode 100644 index 0000000000..1de0551879 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch @@ -0,0 +1,36 @@ +From a79ac8b4b42a9efabe33a0be31bd82d33fd50347 Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 11:18:11 +0900 +Subject: [PATCH] Fix performance issue caused by using repeated `>` characters + inside `]>` (#174) + +A `<` is treated as a string delimiter. +In certain cases, if `<` is used in succession, read and match are +repeated, which slows down the process. Therefore, the following is used +to read ahead to a specific part of the string in advance. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/a79ac8b4b42a9efabe33a0be31bd82d33fd50347] + +Signed-off-by: Divya Chellam +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index 5391e0a..c22b632 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -369,7 +369,7 @@ module REXML + raise REXML::ParseException.new(message, @source) + end + return [:notationdecl, name, *id] +- elsif md = @source.match(/--(.*?)-->/um, true) ++ elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM) + case md[1] + when /--/, /-\z/ + raise REXML::ParseException.new("Malformed comment", @source) +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch new file mode 100644 index 0000000000..a46ba171de --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch @@ -0,0 +1,53 @@ +From 67efb5951ed09dbb575c375b130a1e469f437d1f Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 11:26:57 +0900 +Subject: [PATCH] Fix performance issue caused by using repeated `>` characters + inside `]>` (#175) + +A `<` is treated as a string delimiter. +In certain cases, if `<` is used in succession, read and match are +repeated, which slows down the process. Therefore, the following is used +to read ahead to a specific part of the string in advance. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/67efb5951ed09dbb575c375b130a1e469f437d1f] + +Signed-off-by: Divya Chellam +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index c22b632..c4de254 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -124,11 +124,15 @@ module REXML + } + + module Private +- INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um ++ # Terminal requires two or more letters. + INSTRUCTION_TERM = "?>" + COMMENT_TERM = "-->" + CDATA_TERM = "]]>" + DOCTYPE_TERM = "]>" ++ # Read to the end of DOCTYPE because there is no proper ENTITY termination ++ ENTITY_TERM = DOCTYPE_TERM ++ ++ INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um + TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um + CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um + ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um +@@ -304,7 +308,7 @@ module REXML + raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil? + return [ :elementdecl, " +Date: Tue, 16 Jul 2024 11:35:41 +0900 +Subject: [PATCH] Fix ReDoS by using repeated space characters inside + `]>` (#176) + +Fix performance by removing unnecessary spaces. + +This is occurred in Ruby 3.1 or earlier. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2] + +Signed-off-by: Divya Chellam +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index c4de254..a9b1b44 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -340,7 +340,7 @@ module REXML + contents = md[0] + + pairs = {} +- values = md[0].scan( ATTDEF_RE ) ++ values = md[0].strip.scan( ATTDEF_RE ) + values.each do |attdef| + unless attdef[3] == "#IMPLIED" + attdef.compact! +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch new file mode 100644 index 0000000000..5a7cbe18dc --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch @@ -0,0 +1,36 @@ +From 910e5a2b487cb5a30989884a39f9cad2cc499cfc Mon Sep 17 00:00:00 2001 +From: Watson +Date: Tue, 16 Jul 2024 11:36:05 +0900 +Subject: [PATCH] Fix performance issue caused by using repeated `>` characters + inside `` (#177) + +A `<` is treated as a string delimiter. +In certain cases, if `<` is used in succession, read and match are +repeated, which slows down the process. Therefore, the following is used +to read ahead to a specific part of the string in advance. + +CVE: CVE-2024-39908 + +Upstream-Status: Backport [https://github.com/ruby/rexml/commit/910e5a2b487cb5a30989884a39f9cad2cc499cfc] + +Signed-off-by: Divya Chellam +--- + .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index a9b1b44..4864ba1 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -413,7 +413,7 @@ module REXML + #STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}" + raise REXML::ParseException.new("Malformed node", @source) unless md + if md[0][0] == ?- +- md = @source.match(/--(.*?)-->/um, true) ++ md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM) + + case md[1] + when /--/, /-\z/ +-- +2.40.0 + diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb index 6a381b2e40..f967cc6948 100644 --- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb +++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb @@ -54,6 +54,18 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://CVE-2025-27221-0001.patch \ file://CVE-2025-27221-0002.patch \ file://CVE-2024-35176.patch \ + file://CVE-2024-39908-0001.patch \ + file://CVE-2024-39908-0002.patch \ + file://CVE-2024-39908-0003.patch \ + file://CVE-2024-39908-0004.patch \ + file://CVE-2024-39908-0005.patch \ + file://CVE-2024-39908-0006.patch \ + file://CVE-2024-39908-0007.patch \ + file://CVE-2024-39908-0008.patch \ + file://CVE-2024-39908-0009.patch \ + file://CVE-2024-39908-0010.patch \ + file://CVE-2024-39908-0011.patch \ + file://CVE-2024-39908-0012.patch \ " UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"